We have an apparent problem in that some requests to our IIS server do not have cookies. We actually have an ISAPI filter that is reporting the problem but we would like an independent verification: (a) how do we set up a filter in Wireshark that shows the http requests that do NOT have cookies [ignoring those that do]. (b) how to we set up a filter that shows HTTP traffic with cookies that exceed a certain size Thanks asked 31 Jan '11, 16:02  Julian Dohmen |
2 Answers:
(a) (b) not sure how to do this, there doesn't seem to be a good way to filter for this, but maybe somebody else has a good idea answered 31 Jan '11, 16:45  Jasper ♦♦ edited 31 Jan '11, 17:07 |
Capture HTTP GET requests: You can find this and other capture filter examples in the Wireshark Wiki. answered 01 Feb '11, 21:13  joke |
Thanks! I am pretty new to Wireshark - I see that the filter above is a Display Filter which I am trying out [and I did use the word show of course] but is there a capture filter that would only allow cookie-less http requests through? Thanks
I'm not sure if this is possible, maybe through some very advanced offset matching filters, but that is beyond my experience as I rarely use capture filters at all (and when I do I usually filter on nothing more than MAC or IP addresses). Maybe somebody else has a solution for you.
Thanks - we can probably use your display filter as the main thing is to see items without cookies.